Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Hive Ransomware Operation Shut Down by Law Enforcement

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Hive Ransomware Shutdown

The Hive ransomware operation appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries. 

A message displayed in English and Russian on the Hive ransomware operation’s Tor-based website reads: The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.

Another message says the action was taken in coordination with Europol and authorities in Florida, which indicates that more details will likely be made available in the upcoming period by the Justice Department and Europol.

Until law enforcement agencies confirm the shutdown of Hive, there is a slight chance that the website seizure notice was posted by the cybercriminals themselves. Hacker groups falsely claiming to have been shut down by police is not unheard of. 

However, Allan Liska, a ransomware expert working for threat intelligence company Recorded Future, reported that the Hive infrastructure was seized. Liska also posted an image showing that many well-known ransomware groups have fallen.

The US government reported in November 2022 that the Hive ransomware gang had hit more than 1,300 businesses and made an estimated $100 million in ransom payments.

Data collected by the DarkFeed deep web intelligence project shows that Hive was still active last week. 

The Hive ransomware operation was launched in 2021. Offered under a ransomware-as-a-service (RaaS) model, the ransomware was often used against organizations in the healthcare sector, as well as other critical infrastructure. 

Advertisement. Scroll to continue reading.

The hackers used malware to encrypt the target’s files, but not before stealing data that could be used to pressure the victim into paying up. 

A free decryptor for files encrypted with the Hive ransomware was released by a South Korean cybersecurity agency in the summer of 2022. 

UPDATE: The US Department of Justice has confirmed dismantling the Hive ransomware operation. 

It turns out that the FBI infiltrated the Hive “control panel” in July 2022, allowing agents to identify victims and obtain decryption keys that allowed victims to recover encrypted files, preventing $130 million in ransom payments.  

In addition to seizing the domain associated with Hive’s leak website, law enforcement shut down servers used by the cybercriminals to store data. 

Authorities continue to investigate in an effort to identify the threat actors involved in the Hive operation, including developers, administrators and affiliates.

Related: Russia Lays the Smackdown on REvil Ransomware Gang

Related: Six Arrested for Roles in Clop Ransomware Operation

Related: DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills?

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Ransomware

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.